Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sat, 2 Mar 2002 19:39:39 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sat, 2 Mar 2002 19:39:28 -0500 Received: from ja.mac.ssi.bg ([212.95.166.194]:9738 "EHLO u.domain.uli") by vger.kernel.org with ESMTP id ; Sat, 2 Mar 2002 19:39:14 -0500 Date: Sun, 3 Mar 2002 02:38:36 +0000 (GMT) From: Julian Anastasov X-X-Sender: ja@u.domain.uli To: Alan Cox cc: erich@uruk.org, Szekeres Bela , Daniel Gryniewicz , linux-kernel Subject: Re: Network Security hole (was -> Re: arp bug ) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Hello, On Sat, 2 Mar 2002, Alan Cox wrote: > Language confusion - "if you want to make the case" = "if you want to argue > that a value of rp_filter = 2 should in future (after you implement it) mean > apply a both way rule - then I agree) Yes, the arp_prefsrc feature can depend on rp_filter||arp_filter but I prefer to keep it independent. And there is an agreement on netdev that all ARP filtering issues (including the problem with shared IPs in clusters) should be fixed by maintaining ARP hooks for universal filtering. Then even the arp_prefsrc feature can be implemented with proper rules. TODO. Until then, this is a temp solution. > Alan Regards -- Julian Anastasov - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/